Jump to content


Honorary Members
  • Posts

  • Joined

  • Last visited

Posts posted by JeffIT

  1. Hi we have been recovering form a ransomware attack and one thing that is strange is we are not finding anything on any device to show that there was a malicious file when we run scan with MalwareBytes Endpoint Protection. We restored to an earlier backup on a different server but every scan comes back with zero malicious files found. Is there som extra steps we should be taking before we put the system back on live for our staff? 

  2. Hi Exile and thanks for the swift reply. I got onto the phone support at the same time and it turned out a service had failed and that was causing it to show as unlicensed they were saying. While on the call the system restarted the service and the license showed back up as Licensed so all is good now thankfully. Not a great thing to see on your server first thing in the morning but thankfully it is all sorted now.

  3. Hi,


    I have this unusual issue with my malwarebytes management console where when I am in the Admin -> Client Push Install the IP address boxes are showing up as smaller than normal. What this means is that I am unable to see the last octet in the address. I can type in there but it is something I need fixed as I can never see what this last octet actually has within it.

    Has anyone had this before or know a fix for it? 

    MalwareBytes MC ip search small.PNG

  4. A new member of our IT team has this unusual issue where they when they log into the MalwareBytes Management Console and go to the Client Push Install tab within the Admin section they cannot see the last part of the IP range boxes. They can click on that part and type but can not see it ever. Also the system is stopping him form pushing out a Simulate Client Install as well. What do I do to resolve this issue?


  5. Hi,

    I am having an issue with an inbound connection threat that is attempting to access one of our servers for the last couple of weeks. Usually it gets blocked once a day but this increased this week to a lot more where yesterday when we had 6. Although Malwarebytes is stopping it, I want to be certain there is nothing else on our systems and I am looking to find out what more I can do to minimise threats like this. The detection threat is shown in the attached image. We have malwarebytes anti malware and anti exploit installed on all servers and workstations.

    Apologies if this is not in the correct section.

    mwb inbound threat.png

  6. Thanks djaconson that is good to know in regards to the double entries.

    Can I ask you if setting this service to delayed startup is a workable solution?

    The reason I ask is we have quite a few things running at startup which is possibly after creating the issue. Currently we have quite a few computers showing up as unregistered and I am manually logging onto them and starting or restarting this service, as needed, with elevated permissions. I am also looking at a gpo to ensure this service runs so that I can avoid this scenario going forwards.

  7. Hi guys,

    I have a potentially infected computer that came up almost all clear from Malwarebytes AntiMalware, AdwCleaner and FRST scans. AdwCleaner found 1 PUP.optional.legacy and it was cleaned but mbam-log came up clear. Not so sure what to check in the text files from FRST. Would somebody be able to help put my mind at ease by helping me make sure I have done all I can?

  8. 11 hours ago, Rbuck117 said:

    Per Malwarebytes support:
    We are currently getting reports of this block and our development is currently working on a resolution.
    “Block”/Error Message: Protection against OS Security Bypass/Process hollowing protection. 

    When I chatted w/ Malwarebytes support they indicated that a recent update to Anti-Exploit has been causing false positives, specifically w/ Office programs. 
    The temporary workaround is to disable memory patch hijacking protection on the agent(s) (server-side).
    I have not been updated on a resolution since. 

    Hope it helps! 

    OK so only disabled the memory patch hijack selection. I better re-enable the others that I had disabled yesterday. Thanks Rbuck117. 

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.